Method for Authenticating Identity of Handset User in A Cloud-Computing Environment

ABSTRACT

A method for authenticating the identity of a handset user in a cloud-computing environment is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

CROSS REFFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/486,136, filed on Sep. 15, 2014, which is a continuation of U.S.patent application Ser. No. 14/129,135, filed on Dec. 24, 2013, which isa continuation of International Application No. PCT/CN2011/076623, filedon Jun. 30, 2011, all of which are hereby incorporated by reference intheir entireties.

FIELD OF THE INVENTION

The present invention relates to the field of communicationtechnologies, and in particular, to a method for authenticating theidentity of a handset user in a cloud-computing environment.

BACKGROUND OF THE INVENTION

With the widespread popularity of handsets, especially smart handsets,the security of the operating systems of the handsets becomesincreasingly important. Currently, most smart handsets only use a loginaccount and a password of a user as a means for identity authentication.However, this method is not secure, and as soon as the login account andthe password are stolen by other users, all data on the operating systemof the handset is exposed.

The technology using biological features of a human body, especially theface, for security authentication, develops rapidly. However, thecomputational complexity of the face authentication is high, and thecomputational resources of a handset are generally limited, so that itis difficult to support the face authentication with a heavycomputational burden. In addition, in conventional face authenticationsystems, face authentication algorithms are rough and thus theprobability of misjudgment is very high.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide a method for authenticatingthe identity of a handset user in a cloud-computing environment.Embodiments of the present invention are based on the cloud computingtechnology, the cloud server can bear the load of identityauthentication, thus improving the security of the operating system ofthe handset, enhancing the user's experience and raising the precisionof the face authentication.

An embodiment of the present invention provides a method forauthenticating the identity of a handset user in a cloud-computingenvironment, wherein the user's handset is connected to the cloud serverthrough a communication network, the cloud server stores a face sampleimage library corresponding to the user, and the method includes:

obtaining, by the handset, a login account and a password from the user;

judging, by the handset, whether the login account and the password arecorrect;

if the login account or the password is incorrect, refusing, by thehandset, the user to accessan operating system of the handset;

if the login account and the password are correct, sending, by thehandset, the login account and the password to the cloud server, whereinthe login account and the password correspond to a face sample imagelibrary of the user stored on the cloud server;

acquiring, by the handset, an input face image of the user;

sending, by the handset, the input face image to the cloud server;

authenticating, by the cloud server, the identity of the user accordingto the login account, the password and the input face image;

judging, by the cloud server, whether the user is allowed to access theoperating system of the handset;

wherein the step of judging whether the user is allowed to access theoperating system of the handset comprises:

step A. determining, by the cloud server, according to the login accountand the password, the face sample image library of the usercorresponding to the login account and the password;

step B. obtaining, by the cloud server, a face feature similarity value(FFSV) according to the input face image and the face sample imagelibrary; wherein the face feature similarity value represents the degreeof similarity between the input face image and each face sample image inthe face sample image library;

wherein the step of B comprises:

step B 1. obtaining, by the cloud server, a face region image from theinput face image;

step B2. calculating, by the cloud server, a first characteristic valueof each face sample image in the face sample image library and a secondcharacteristic value of the face region image;

step B3. calculating, by the cloud server, a characteristic distancebetween the first characteristic value of each face sample image in theface sample image library and the second characteristic value of theface region image, to obtain multiple second characteristic distances;determining, by the cloud server, a face feature similarity value (FFSV)according to the multiple second characteristic distances;

step C. judging, the cloud server, whether the face feature similarityvalue is larger than a preset threshold, wherein the preset threshold isobtained according to multiple first characteristic distances betweeneach face sample image in the face sample image library;

step D. if the face feature similarity value is not larger than thepreset threshold, allowing, by the cloud server, the user to access theoperating system of the handset;

step E. if the face feature similarity value is larger than the presetthreshold, calculating, by the cloud server, a first number and a secondnumber, wherein the first number is the number of face sample images inthe face sample image library corresponding to the first characteristicdistances which are larger than the face feature similarity value, andthe second number is the number of face sample images in the face sampleimage library corresponding to the first characteristic distances whichare not larger than the face feature similarity value; judging, by thecloud server, whether the first number is larger than the second number;

step F. if the first number is smaller than the second number, refusingthe user to access the operating system of the handset;

step G. if the first number is not smaller than the second number,allowing, by the cloud server, the user to access the operating systemof the handset.

In the embodiment of the present invention, the cloud server can bearthe load of identity authentication, thus improving the security of theoperating system of the handset, enhancing the user's experience andraising the precision of the face authentication.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow chart of a method for authenticating the identity of ahandset user according to the first embodiment of the present invention.

FIG. 2 is a schematic structural view illustrating a cloud serveraccording to the second embodiment of the present invention.

FIG. 3 is a schematic structural view illustrating a unit fordetermining a FFSV of the cloud server according to the secondembodiment of the present invention.

FIG. 4 is a schematic structural view illustrating a network systemaccording to the third embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Cloud computing is an Internet-based computation method, by which sharedsoftware and hardware resources and information may be provided tocomputers, handsets and other devices as required. A typical cloudcomputing provider tends to provide general network serviceapplications, which may be accessed by software such as a browser orother Web services, and the software and data are all stored on a cloudserver.

Embodiments of the present invention are based on the cloud computingtechnology, and the task for authenticating the identity of a handsetmay be assigned to a cloud server, so that the burden of the handset isreduced, and high-overhead services can be introduced into the handset,thus enhancing the user's experience.

In the embodiments of the present invention, the user's handset isconnected to the cloud server through a communication network, the cloudserver stores a face sample image library corresponding to the user andmay be managed by a telecommunication operator, and the user registersthe face sample images with the cloud server of the telecommunicationoperator when subscribing. The cloud server binds the user's handsetnumber, the login account and password of the operating system of thehandset and other information to the face sample image library.

Embodiment 1

FIG. 1 shows a flowchart of a method for authenticating the identity ofa handset user according to the first embodiment of the presentinvention. As shown in FIG. 1, the method includes the following steps:

Step S101: The user enters a login account and a password on thehandset.

Step S103: The handset judges whether the login account and the passwordare correct.

Step S105: If the login account or the password is incorrect, the useris not allowed to access the operating system of the handset and anerror is displayed.

Step S107: If the login account and the password are correct, the loginaccount and the password are sent to the cloud server, where the loginaccount and the password correspond to a face sample image library ofthe user stored on the cloud server.

Step S109: The handset starts a camera to acquire an input face image ofthe user and send the input face image to the cloud server.

Step S111: The cloud server authenticates the identity of the useraccording to the login account, the password and the input face imageand judges whether the user is allowed to access the operating system ofthe handset. Step S111 specifically includes:

Step S111-2: The cloud server determines, according to the login accountand the password, the face sample image library of the usercorresponding to the login account and the password.

Step S111-4: The cloud server obtains a face feature similarity value(FFSV) according to the input face image and the face sample imagelibrary; the face feature similarity value represents the degree ofsimilarity between the input face image and each face sample image, andthe smaller the face feature similarity value (FFSV) is, the moresimilar the input face image and each face sample image are.

Step S111-4 specifically includes:

Step S111-4-1: Through face detection, the cloud server obtains a faceregion image from the face input image; mainly, the face detectionmethod is comparing the face skin color regions of the input face imageand the face sample images, and extracting the face region image basedon the proportion of the head shape.

Step S111-4-3: The cloud server calculates a first characteristic valueof each face sample image in the face sample image library and a secondcharacteristic value of the face region image.

Step S111-4-5: The cloud server calculates an characteristic distancebetween the first characteristic value of each face sample image in theface sample image library and the second characteristic value of theface region image, to obtain multiple second characteristic distances,and determines a face feature similarity value (FFSV) according to themultiple second characteristic distances; and the face featuresimilarity value (FFSV) represents the degree of similarity between theinput face image and each face sample image, and the smaller the facefeature similarity value is, the more similar the input face image andeach face sample image are. The face feature similarity value may be themaximum value among multiple second characteristic distances, or may bean average value of multiple second characteristic distances.

Step S111-6: The cloud server judges whether the face feature similarityvalue is larger than a preset threshold, wherein the preset threshold isobtained from multiple first characteristic distances between each facesample image in the face sample image library; and the preset thresholdmay be the maximum value in multiple first characteristic distances, ormay be an average value of multiple first characteristic distances.

Step S111-8: If the face feature similarity value is not larger than thepreset threshold, that is, the similarity of the user's face image andthe face sample images in the face sample image library meets securityrequirements, the user is allowed to access the operating system of thehandset.

Step S111-10: If the face feature similarity value is larger than thepreset threshold, that is, the similarity of the user's face image andthe face sample images in the face sample image library fails to meetsecurity requirements, the cloud server makes statistics respectivelyregarding how many face sample images whose first characteristicdistance is larger or smaller than the face feature similarity valuethere are, that is, a first number and a second number, wherein thefirst number is the number of face sample images in the face sampleimage library corresponding to the first characteristic distances whichare larger than the face feature similarity value, and the second numberis the number of face sample images in the face sample image librarycorresponding to the first characteristic distances which are not largerthan the face feature similarity value; and then, judges whether thefirst number is larger than the second number.

Step S111-12: If the first number is smaller than the second number, theuser is not allowed to access the operating system of the handset.

Step S111-14: If the first number is not smaller than the second number,the user is allowed to access the operating system of the handset.

The following further describes how the embodiment of the presentinvention extracts the face image features and determines the firstcharacteristic value of each face sample image in the face sample imagelibrary, the second characteristic value of the face region image, thefirst characteristic distances between the face sample images in theface sample image library, the second characteristic distance betweeneach face sample image in the face sample image library and the faceregion image, the preset threshold and the face feature similarityvalue.

A face sample image X (x,y) is taken as an example. The face sampleimage X (x,y) is a 2-dimensional 64×64 grayscale image, where xrepresents a horizontal coordinate pixel and y represents a verticalordinate pixel. The face sample image library consists of M face sampleimages (M is the number of the face sample images in the face sampleimage library), and maybe represented by {X_(i)|i=1,2, . . . , M}. The Mface sample images are superimposed according to face positions toobtain an average value of all images after the superimposition, thatis,

${\overset{\_}{X} = {\frac{1}{M}{\sum\limits_{i = 1}^{M}X_{i}}}},$

The difference between each face sample image X_(i) and the averagevalue X is: φ_(i)=X_(i)− X(i=1, . . . , M).

A covariance matrix is constructed: C=AA^(T). Where, A=[φ₁, φ₂, . . . ,φ_(M)] is a linear combination of difference vectors. For a 64×64 faceimage, the size of the covariance matrix C is 4096×4096, and it isdifficult to obtain its eigenvalues and eigenvectors directly. Accordingto the singular value decomposition theorem, the eigenvalues and theeigenvectors of C=AA^(T) are obtained by finding the eigenvalues and theeigenvectors of A^(T)A. Assuming λ_(i)(i=1, 2, . . . , r) is r nonzeroeigenvalues of the matrix A^(T)A, and v_(i) is an eigenvector of A^(T)Acorresponding to λ_(i), then the orthogonal normalized eigenvector ofC=AA^(T) is

${u_{i} = {\frac{1}{\sqrt{\lambda_{i}}}{Av}_{i}}},$

and the eigenvalues corresponding to the sample covariance are arrangedin order of magnitude: λ_(i)≧λ₂≧ . . . ≧λ_(r). Assuming that thecorresponding eigenvector of λ_(i) is u_(i), each face sample image maybe projected to an eigenspace U formed by u₁, u₂, . . . , u_(r).

In the specific application, the first d eigenvalues may be selected asthe eigenspace, and because the dimensions of this eigenspacev are lowerthan the dimensions of the original face sample images, after each facesample image is projected to the eigenspace U formed by u₁, u₂, . . . ,u_(r), the dimensions of the face sample images are decreased greatly,thus achieving the objective of decreasing dimensions and extractingfeatures. The principle for selection is determined according to theenergy proportion of the eigenvalues a, and generally, the value of α isfrom 95% to 99%.

In order to improve the efficiency and precision of feature extraction,the embodiment of the present invention provides a method for findingthe eigenvectors of the face sample images by dividing the face sampleimages into blocks. A face has three distinguishing features: eyes, noseand mouth, and they are respectively located at upper, middle and lowerblocks of the face. Therefore, a face image is divided into threeindependent sub-blocks according to the three distinguishing features,that is, the upper part includes the eyes, the middle part includes thenose, and the lower part includes the mouth.

Through the block division, a face sample image becomes threesub-images, and thus each face sample image X_(i) may be denoted asX_(i)=[X_(i) ^(u) X_(i) ^(b)]^(T) (i=1, 2, . . . M), where X_(i) ^(u)represents an upper sub-block image, Z_(i) ^(m) represents the middlesub-block image, and X_(i) ^(b) represents a lower sub-images.

The original one face sample image library becomes three sub-block imagelibraries independent of each other, that is, X_(i) ^(u), X_(i) ^(m) andX_(i) ^(b) (i=1, 2, . . . , M). If X_(i) is a matrix of Prows and Qcolumns, X_(i) ^(u) is a matrix of P_(i)rowsand Q columns, X_(i) ^(m) isa matrix of P₂rowsand Q columns, and X_(i) ^(b) is a matrix of P₃rowsandQ columns, where P₁+P₂+P₃=P.

All upper sub-images of the face sample image library constitute anupper sub-block image library, and similarly, the middle and lowersub-images respectively constitute a middle sub-block image library anda lower sub-block image library. In the process of feature extraction,they will be treated as three independent sub-block image libraries.

Considering that the samples in the face sample image library arelimited, the embodiment of the present invention provides the followingalgorithm which can increase the number of samples without sampling,thus improving the precision of feature extraction. The methodspecifically includes the following steps:

1. For the face sample image X (an m×n matrix), a dual sample X′ isgenerated, where X′=XY , Y is an n×n matrix in which anti-diagonalelements are is and other elements are 0s, that is:

${X = \begin{bmatrix}{X\left( {1,1} \right)} & {X\left( {1,2} \right)} & \ldots & {X\left( {1,n} \right)} \\\vdots & \vdots & \ddots & \vdots \\{X\left( {m,1} \right)} & {X\left( {m,2} \right)} & \ldots & {X\left( {m,n} \right)}\end{bmatrix}},{X^{\prime} = \begin{bmatrix}{X\left( {1,n} \right)} & {X\left( {1,{n - 1}} \right)} & \ldots & {X\left( {1,1} \right)} \\\vdots & \vdots & \ddots & \vdots \\{X\left( {m,n} \right)} & {X\left( {m,{n - 1}} \right)} & \ldots & {X\left( {m,1} \right)}\end{bmatrix}}$

Where, the matrix Y is symmetric, that is Y=Y^(T); and orthogonal, thatis YY^(T)=YY^(T)=I (I represents a unit matrix).

X is decomposed into a first sample X_(e)=(X+X′)/2an_(d) a second sampleX_(o)=(X−X′)/2 Therefore, the relationship between the average value ofthe dual samples X′ and the covariance matrix C′ is as follows:

X′= XY, C′=Y^(T)CY

The relationship between the average value of the first samples X_(e)and the covariance matrix C_(e) is as follows:

X _(e) = X (I+Y)/2, C _(e)=(I+Y)^(T) C(I+Y)/4

The relationship between the average value of the second samples X _(o)and the covariance matrix C_(o) is as follows:

X _(o) = X (I−Y)/2, C _(o)=(I−Y)^(T) C(I−Y)/4

According to mathematical theory, it can be determined that theeigenspace of the first samples X_(e) and the eigenspace of the secondsamples X _(o) are orthogonal, and that the eigenspace of X is a directsum of the eigenspace of the first samples X_(e) and the eigenspace ofthe second samples X _(o).

Therefore, the first eigenspace U_(e) and the second eigenspace U_(o)may be respectively obtained with respect to X_(e) and X_(o) based onthe feature extraction algorithm, and then, the eigenvectors with highrecognition precision and large variance are selected from the firsteigenspace U_(e) and the second eigenspace U_(o) to constitute theeigenspace U of X. Then, by using U as a feature transformation matrix,features are extracted through V=AU.

The method according to the embodiment of the present invention ishereinafter described in conjunction with the face sample image libraryafter block division. By taking the upper sub-block image library as anexample, a dual sample X_(i) ^(u′) (i=1, 2, . . . , M) is generated foreach sample X_(i) ^(u) (i=1, 2, . . . , M) in the upper sub-block imagelibrary, where X_(i) ^(u′)=X_(i) ^(u)Y, Y is a Q×Q matrix in which theanti-diagonal elements are is and other elements are 0s, that is:

$X_{i}^{u} = \begin{bmatrix}{X_{i}^{u}\left( {1,1} \right)} & {X_{i}^{u}\left( {1,2} \right)} & \ldots & {X_{i}^{u}\left( {1,Q} \right)} \\\vdots & \vdots & \ddots & \vdots \\{X_{i}^{u}\left( {P_{1},1} \right)} & {X_{i}^{u}\left( {P_{1},2} \right)} & \ldots & {X_{i}^{u}\left( {P_{1},Q} \right)}\end{bmatrix}$ $X_{i}^{u\; \prime} = \begin{bmatrix}{X_{i}^{u}\left( {1,Q} \right)} & {X_{i}^{u}\left( {1,{Q - 1}} \right)} & \ldots & {X_{i}^{u}\left( {1,1} \right)} \\\vdots & \vdots & \ddots & \vdots \\{X_{i}^{u}\left( {P_{1},Q} \right)} & {X_{i}^{u}\left( {P,{Q - 1}} \right)} & \ldots & {X_{i}^{u}\left( {P,1} \right)}\end{bmatrix}$

X_(i) ^(u) is decomposed into a first sample X_(i e) ^(u)=(X_(i)^(u)+X_(i) ^(u′))/2 and a second sample X_(i o) ^(u)=(X_(i) ^(u)−X_(i)^(u′))/2. Similarly, a dual sample X_(i) ^(m′) (i=1, 2, . . . , M) isgenerated for each sample X_(i) ^(m)(i=1, 2, . . . , M) in the middlesub-block image library, and a dual sample X_(i) ^(b′) (i=1, 2, . . .,M) is generated for each sample X_(i) ^(b)(i=1, 2, . . . , M) in thelower sub-block image library. Similarly, X_(i) ^(m) is decomposed intoX_(i e) ^(m)=(X_(i) ^(m)+X_(i) ^(m′))/2 and X_(i o) ^(m)=(X_(i)^(m)−X_(i) ^(m′))/2, and X_(i) ^(b) is decomposed into X_(i e)^(b)=(X_(i) ^(b)+X_(i) ^(b′))/2 and X_(i o) ^(b)=(X_(i) ^(b)−X_(i)^(b′))/2.

A first eigenspace U^(u) _(i,e) and a second eigenspace U^(u) _(i,o) areobtained respectively with respect to X_(i e) ^(u) and X^(i) _(i o) ^(u)based on the foregoing feature extraction algorithm, and then, theeigenvectors with high recognition precision and large variance areselected from the first eigenspace U^(u) _(i,e) and the secondeigenspace U^(u) _(i,o) to constitute an eigenspace U^(u) _(i); and byusing U^(u) _(i) as a feature transformation matrix, the projection ofX_(i) ^(u) in the eigenspace U^(u) _(i), namely V_(i) ^(u), is extractedthrough V_(i) ^(u)=X_(i) ^(u)U^(u) _(i).

A feature extraction is performed with respect to each sample X_(i) ^(m)and X_(i) ^(b)(i=1, 2, . . . , M) in the middle sub-block image libraryand the lower sub-block image library by using the same method, wherethe projection of each sample X_(i) ^(m) and X_(i) ^(b)(i=1, 2, . . . ,M) of the middle sub-block image library and the lower sub-block imagelibrary in respective eigenspaces is recorded as V_(i) ^(m) and V_(i)^(b).

Assuming that V_(i) ^(u) is a k_(i,1)-dimensional vector, for aneigenmatrix

$V_{i}^{u} = \begin{bmatrix}{t^{i}\left( {1,1} \right)} & \ldots & {t^{i}\left( {1,k_{i,1}} \right)} \\\vdots & \ddots & \vdots \\{t^{i}\left( {P_{1},1} \right)} & \ldots & {t^{i}\left( {P_{1},k_{i,1}} \right)}\end{bmatrix}$

of each sample X_(i) ^(n) (i=1,2, . . . , M) in the upper sub-blockimage library, a characteristic value T_(i) ^(u) is calculatedrespectively, that is:

$T_{i}^{u} = {\sqrt{\sum\limits_{{n = 1},{l = 1}}^{P_{1},k_{i,1}}\left( {t^{i}\left( {n,l} \right)} \right)^{2}}.}$

For the eigenspace V_(i) ^(m) (a k_(i,2)-dimensional vector) and V_(i)^(b) (a k_(i,3)-dimensional vector) of each sample X_(i) ^(m) and X_(i)^(b) (i=1, 2, . . . , M) of the middle sub-block image library and thelower sub-block image library, characteristic values

${T_{i}^{m}\sqrt{\sum\limits_{{n = 1},{l = 1}}^{P_{2},k_{i,2}}\left( {t^{i}\left( {n,l} \right)} \right)^{2}}\mspace{14mu} {and}\mspace{14mu} T_{i}^{b}} = \sqrt{\sum\limits_{{n = 1},{l = 1}}^{P_{3},k_{i,3}}\left( {t^{i}\left( {n,l} \right)} \right)^{2}}$

calculated respectively.

An average value of the characteristic values T_(i) ^(u), T_(i) ^(m) andT_(i) ^(b) of each sample X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b) of theupper sub-block image library, the middle sub-block image library andthe lower sub-block image library is calculated to obtain the firstcharacteristic value T_(i)=(T_(i) ^(u)+T_(i) ^(m)+T_(i) ^(b))/3 of eachface sample X_(i) in the face sample image library, where (i=1, 2, . . ., M).

Described above is the processing of the face sample image library.Corresponding processing is performed for the input face region image byusing the same method, that is, dividing the input face region imageinto blocks, calculating the corresponding characteristic value of eachblock respectively, finding the sum of these characteristic values toobtain an average value, and finally obtaining the second characteristicvalue T of the input face region image.

The embodiment of the present invention provides a method forcalculating an characteristic distance, i.e. calculating multiple firstcharacteristic distances between face sample images according to a firstcharacteristic value of each face sample image in the face sample imagelibrary. The method specifically includes the following steps:

For face sample images X_(i) and X_(j) (i, j=1, 2, . . . , M, wherei≠j), the first Characteristic distance between the two face sampleimages D(X_(i), X_(j))=√{square root over ((T_(i)−T_(j))²)}, andmultiple first characteristic distances between the face sample imagesare calculated. There are M*(M−1)/2 first characteristic distances intotal.

Then, a preset threshold is obtained according to the M*(M−1)/2 firstcharacteristic distances between each face sample image in the facesample image library, where the preset threshold may be the maximumvalue in the M*(m−1)/2 first characteristic distances, or the averagevalue of the M*(M−1)/2 first characteristic distances.

Similarly, according to the second characteristic value T of the inputface region image and the First characteristic value of each face sampleimage in the face sample image library, multiple second characteristicvalues D(X_(i), X)=√{square root over ((T_(i)−T)²)} (i=1, 2, . . . , M)may be obtained, and there are M second characteristic distances. Then,a face feature similarity value is determined according to the M secondcharacteristic distances, where the face feature similarity value may bethe maximum value of the M second characteristic distances or theaverage value of the M second characteristic distances.

That is, the step of calculating the first characteristic value of eachface sample image in the face sample image library includes:

dividing the face sample image X_(i) into three sub-images, that is,X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b) (i=1, 2, . . . , M);

generating dual samples respectively for X_(i) ^(u), X_(i) ^(m) andX_(i) ^(b);

decomposing X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b) respectively into afirst sample X_(i e) ^(u)=(X_(i) ^(u)+X_(i) ^(u′))/2 and a second sampleX_(i o) ^(u)=(X_(i) ^(u)−X_(i) ^(u′))/2 according to the dual samples;

constructing a covariance matrix with respect to the first sample andthe second sample respectively;

determining the orthogonal normalized eigenvectors of the covariancematrix of the first sample and the orthogonal normalized eigenvectors ofthe covariance matrix of the second sample respectively;

according to the first eigenspace formed by the orthogonal normalizedeigenvectors of the covariance matrix of the first sample and the secondeigenspace formed by the orthogonal normalized eigenvectors of thecovariance matrix of the second sample, determining the projections ofthe first sample and the second sample respectively in the firsteigenspace and the second eigenspace;

determining the characteristic values of X_(i) ^(u), X_(i) ^(m) andX_(i) ^(b) according to the projections of the first sample and thesecond sample in the first eigenspace and the second eigenspace; and

determining the first characteristic value of the face sample imageX_(i) according to the characteristic values of X_(i) ^(u), X_(i) ^(m)and X_(i) ^(b).

Calculating the second characteristic value of the input face regionimage includes the steps of:

dividing the input face region image into three sub-images;

generating corresponding dual samples respectively with respect to thethree sub-images;

decomposing the three sub-images into a first sample and a second samplerespectively according to the dual samples corresponding to the threesub-images;

constructing a covariance matrix respectively with respect to the firstsample and the second sample of the three sub-images;

determining the orthogonal normalized eigenvectors of the covariancematrix of the first sample and the orthogonal normalized eigenvectors ofthe covariance matrix of the second sample respectively;

according to the eigenspace formed by the orthogonal normalizedeigenvectors of the covariance matrix of the first sample and theeigenspace formed by the orthogonal normalized eigenvectors of thecovariance matrix of the second sample, determining the projections ofthe first sample and the second sample in the eigenspace;

determining the characteristic values of the three sub-images accordingto the projections of the first sample and the second sample in theeigenspace; and

determining the second characteristic value of the input face regionimage according to the characteristic values of the three sub-images.

The embodiment of the present invention further includes: if the firstnumber is not smaller than the second number, updating the face sampleimage library by using the input face image, where the updating policymay be replacing the oldest face sample image, or replacing the facesample image that is most different from the input face image.

In addition, the first characteristic distance of the face sample imagelibrary in the cloud server may be recalculated, and according to thefirst characteristic distance, a new preset threshold may be determinedto replace the preset threshold. Thus, a dynamic update of the facesample image library is implemented.

With the method for authenticating the identity of a handset useraccording to the embodiment of the present invention, the cloud servercan bear the load of identity authentication, thus improving thesecurity of the operating system of the handset, enhancing the user'sexperience and raising the precision of the face authentication.

Embodiment 2

Another embodiment of the present invention further provides a cloudserver. As shown in FIG. 2, the cloud server includes:

a memory 200, configured to store a face sample image library of a user;

a receiver 201, configured to receive a login account, a password and aninput face image of the user;

a determining unit 203, configured to determine the face sample imagelibrary of the user corresponding to the login account and the password;wherein the face sample image library of the user is stored in thememory 200;

a unit for determining a face feature similarity value 205, configuredto determine a face feature similarity value (FFSV) according to theinput face image and the face sample image library; as shown in FIG. 3,the unit for determining a FFSV 205 includes: a unit for obtaining aface region image 205-2, a unit for calculating a characteristic value205-4 and a unit for calculating a characteristic distance 205-6,wherein:

the unit for obtaining a face region image 205-2, is configured toobtains a face region image from the input face image through facedetection;

the unit for calculating a characteristic value 205-4, is configured tocalculate a first characteristic value of each face sample image in theface sample image library and a second characteristic value of the faceregion image; and

the unit for calculating a characteristic distance 205-6, is configuredto calculate an characteristic distance between the first characteristicvalue of each face sample image in the face sample image library and thesecond characteristic value of the face region image, to obtain multiplesecond characteristic distances, and determines a face featuresimilarity value (FFSV) according to the multiple second characteristicdistances;

a first determining unit 207, configured to judge whether the facefeature similarity value is larger than a preset threshold, wherein thepreset threshold is obtained from multiple first characteristicdistances between each face sample image in the face sample imagelibrary;

a first permitting unit 209, configured to allow the user to access theoperating system of the handset, if the face feature similarity value isnot larger than the preset threshold;

a second determining unit 211, configured to determine a first numberand a second number, where the first number is the number of face sampleimages in the face sample image library corresponding to the firstcharacteristic distances which are larger than the face featuresimilarity value, and the second number is the number of face sampleimages in the face sample image library corresponding to the firstcharacteristic distances which are not larger than the face featuresimilarity value, if the face feature similarity value is larger thanthe preset threshold;

a refusing unit 213, configured to refuse the user to access theoperating system of the handset, if the first number is smaller than thesecond number, a second permitting unit 215, configured to allowed theuser to access the operating system of the handset, if the first numberis not smaller than the second number.

Optionally, the cloud server may further includes: a first updating unit217, configured to update the face sample image library by using theinput face image, if the first number is not smaller than the secondnumber.

Optionally, the cloud server may further includes: a second updatingunit 219, configured to Recalculate the first characteristic distance ofthe face sample image library in the cloud server, and according to thefirst characteristic distance, replace the preset threshold with the newpreset threshold.

the unit for calculating a characteristic value 205-4 includes:

a first dividing unit 205-41, configured to divide the face sample imageX_(i) iinto three sub-images, that is, X_(i) ^(u), X_(i) ^(m) and X_(i)^(b)(i=1, 2, . . . , M);

a first generating unit 205-43, configured to generate dual samplesrespectively for X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b);

a first decomposing unit 205-45, configured to decompose X_(i) ^(u), andX_(i) ^(b) respectively into a first sample X_(i e) ^(u)=(X_(i)^(u)+X_(i) ^(u′))/2 and a second sample X_(i o) ^(u)=(X_(i) ^(u)−X_(i)^(u′))/² according to the dual samples;

a first covariance matrix constructing unit 205-47, configured toconstruct a covariance matrix with respect to the first sample and thesecond sample respectively;

a first eigenvector calculating unit 205-49, configured to determine theorthogonal normalized eigenvectors of the covariance matrix of the firstsample and the orthogonal normalized eigenvectors of the covariancematrix of the second sample respectively;

a first projection calculating unit 205-411, configured to determine theprojections of the first sample and the second sample respectively inthe first eigenspace and the second eigenspace, according to the firsteigenspace formed by the orthogonal normalized eigenvectors of thecovariance matrix of the first sample and the second eigenspace formedby the orthogonal normalized eigenvectors of the covariance matrix ofthe second sample;

a first characteristic value calculating unit 205-413, configured todetermine the characteristic values of X_(i) ^(u), X_(i) ^(n) and X_(i)^(b) according to the projections of the first sample and the secondsample in the first eigenspace and the second eigenspace;

a second dividing unit 205-415, configured to divide the input faceregion image into three sub-images;

a second generating unit 205-417, configured to generate correspondingdual samples respectively with respect to the three sub-images;

a second decomposing unit 205-419, configured to decompose threesub-images into a first sample and a second sample according to the dualsamples corresponding to the three sub-images;

a second covariance matrix constructing unit 205-421, configured toconstruct a covariance matrix respectively with respect to the firstsample and the second sample of the three sub-images;

a second eigenvector calculating unit 205-423, configured to determinethe orthogonal normalized eigenvectors of the covariance matrix of thefirst sample and the orthogonal normalized eigenvectors of thecovariance matrix of the second sample respectively;

a second projection calculating unit 205-425, configured to determinethe projections of the first sample and the second sample respectivelyin the eigenspace, according to the first eigenspace formed by theorthogonal normalized eigenvectors of the covariance matrix of the firstsample and the second eigenspace formed by the orthogonal normalizedeigenvectors of the covariance matrix of the second sample;

a second characteristic value calculating unit 205-427, configured todetermine characteristic values of the three sub-images according to theprojections of the first sample and the second sample in the eigenspace,and the characteristic values of the input face region according to thecharacteristic values of the three sub-images.

In the embodiment of the present invention, the cloud server can bearthe load of identity authentication, thus improving the security of theoperating system of the handset, enhancing the user's experience andraising the precision of the face authentication.

Embodiment 3

One embodiment of the present invention further provide a network systemas shown in FIG. 4, including a handset 502 and a cloud server 504,wherein the user's handset 502 is connected to the cloud server 504through a communication network; and the handset is configured to obtaina login account and a password input by the user, judge whether thelogin account and the password are correct; if the login account or thepassword is incorrect, allow the user to access the operating system ofthe handset; if the login account and the password are correct, send thelogin account and the password to the cloud server, where the loginaccount and the password correspond to a face sample image library ofthe user stored on the cloud server; acquire an input face image of theuser and send the input face image to the cloud server;

the cloud server is configured to store a face sample image librarycorresponding to the user, authenticate the identity of the useraccording to the login account, the password and the input face imageand judge whether the user is allowed to access the operating system ofthe handset.

The function specially includes:

Step A. The cloud server determines, according to the login account andthe password, the face sample image library of the user corresponding tothe login account and the password;

Step B. The cloud server obtains a face feature similarity value (FFSV)according to the face input image and the face sample image library; andthe step B especially includes:

B1. Through face detection, the cloud server obtains a face region imagefrom the face input image;

B2. The cloud server calculates a first characteristic value of eachface sample image in the face sample image library and a secondcharacteristic value of the face region image;

B3. The cloud server calculates an characteristic distance between thefirst characteristic value of each face sample image in the face sampleimage library and the second characteristic value of the face regionimage, to obtain multiple second characteristic distances, anddetermines a face feature similarity value (FFSV) according to themultiple second characteristic distances;

Step C. The cloud server judges whether the face feature similarityvalue is larger than a preset threshold, where the preset threshold isobtained from multiple first characteristic distances between each facesample image in the face sample image library;

Step D. If the face feature similarity value is not larger than thepreset threshold, that is, the similarity of the user's face image andthe face sample images in the face sample image library meets securityrequirements, the user is allowed to access the operating system of thehandset;

Step E. If the face feature similarity value is larger than the presetthreshold, that is, the similarity of the user's face image and the facesample images in the face sample image library fails to meet securityrequirements, the cloud server makes statistics respectively regardinghow many face sample images whose first characteristic distance islarger or smaller than the face feature similarity value there are, thatis, a first number and a second number, where the first number is thenumber of face sample images in the face sample image librarycorresponding to the first characteristic distances which are largerthan the face feature similarity value, and the second number is thenumber of face sample images in the face sample image librarycorresponding to the first characteristic distances which are not largerthan the face feature similarity value; and then, judges whether thefirst number is larger than the second number;

Step F. If the first number is smaller than the second number, the useris not allowed to access the operating system of the handset;

Step G. If the first number is not smaller than the second number, theuser is allowed to access the operating system of the handset.

The structure of the cloud server can be the one as described inEmbodiment 2.

In the embodiment of the present invention, the cloud server can bearthe load of identity authentication, thus improving the security of theoperating system of the handset, enhancing the user's experience andraising the precision of the face authentication.

Persons of ordinary skill in the art should understand that all or apart of the steps of the method according to the embodiments of thepresent invention may be implemented by a program instructing relevanthardware. The program may be stored in a computer readable storagemedium. When the program is run, the steps of the method according tothe embodiments of the present invention are performed. The storagemedium may be any medium that is capable of storing program codes, suchas a Read Only Memory (ROM), a Random Access Memory (RAM), a magneticdisk, and an optical disk.

Finally, it should be noted that the above embodiments are merelyprovided for describing the technical solutions of the presentinvention, but not intended to limit the present invention. It should beunderstood by persons of ordinary skill in the art that although thepresent invention has been described in detail with reference to theforegoing embodiments, modifications can be made to the technicalsolutions described in the foregoing embodiments, or equivalentreplacements can be made to some technical features in the technicalsolutions, as long as such modifications or replacements do not causethe essence of corresponding technical solutions to depart from thespirit and scope of the present invention.

What is claimed is:
 1. A method for authenticating the identity of ahandset user in a cloud-computing environment, wherein the handset isconnected to a cloud server through a communication network, the cloudserver stores a face sample image library corresponding to the user, andthe method comprises: obtaining, by the handset, a login account and apassword from the user; judging, by the handset, whether the loginaccount and the password are correct; if the login account or thepassword is incorrect, refusing, by the handset, the user to access anoperating system of the handset; if the login account and the passwordare correct, sending, by the handset, the login account and the passwordto the cloud server, wherein the login account and the passwordcorrespond to a face sample image library of the user stored on thecloud server; acquiring, by the handset, an input face image of theuser; sending, by the handset, the input face image to the cloud server;authenticating, by the cloud server, the identity of the user accordingto the login account, the password and the input face image; judging, bythe cloud server, whether the user is allowed to access the operatingsystem of the handset; wherein the step of judging whether the user isallowed to access the operating system of the handset comprises: step A.determining, by the cloud server, according to the login account and thepassword, the face sample image library of the user corresponding to thelogin account and the password; step B. obtaining, by the cloud server,a face feature similarity value, FFSV, according to the input face imageand the face sample image library; wherein the face feature similarityvalue represents the degree of similarity between the input face imageand each face sample image in the face sample image library; step C.judging, by the cloud server, whether the face feature similarity valueis larger than a preset threshold, wherein the preset threshold isobtained according to multiple first characteristic distances betweeneach face sample image in the face sample image library; step D. if theface feature similarity value is not larger than the preset threshold,allowing, by the cloud server, the user to access the operating systemof the handset; step E. if the face feature similarity value is largerthan the preset threshold, calculating, by the cloud server, a firstnumber and a second number, wherein the first number is the number offace sample images in the face sample image library corresponding to thefirst characteristic distances which are larger than the face featuresimilarity value, and the second number is the number of face sampleimages in the face sample image library corresponding to the firstcharacteristic distances which are not larger than the face featuresimilarity value; judging, by the cloud server, whether the first numberis larger than the second number; step F. if the first number is smallerthan the second number, refusing the user to access the operating systemof the handset; step G. if the first number is not smaller than thesecond number, allowing, by the cloud server, the user to access theoperating system of the handset; and the step of B comprises: step B 1.obtaining, by the cloud server, a face region image from the input faceimage; step B2. calculating, by the cloud server, a first characteristicvalue of each face sample image in the face sample image library and asecond characteristic value of the face region image; step B3.calculating, by the cloud server, a characteristic distance between thefirst characteristic value of each face sample image in the face sampleimage library and the second characteristic value of the face regionimage, to obtain multiple second characteristic distances; anddetermining, by the cloud server, the face feature similarity value,FFSV, according to the multiple second characteristic distances.
 2. Themethod according to claim 1, wherein the step of calculating a firstcharacteristic value of each face sample image in the face sample imagelibrary comprises: dividing the face sample image X_(i) into threesub-images X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b) (i=1,2, . . . , M);generating dual samples X_(i) ^(n′, X) _(i) ^(m′) and X_(i) ^(b′)respectively for X_(i) ^(u), X_(i) ^(m) and X_(i) ^(b), wherein X_(i)^(u′) is a dual sample of X_(i) ^(u), X_(i) ^(m′) is a dual sample ofX_(i) ^(m), and X_(i) ^(b′) is a dual sample of X_(i) ^(b); decomposingX_(i) ^(u), X_(i) ^(m) and X_(i) ^(b) respectively into a first sampleX_(i e) ^(u)=(X_(i) ^(u)+X_(i) ^(u′))/2and a second sample X_(i o)^(u)=(X_(i) ^(u)−X_(i) ^(u′))/2 according to the dual samples;constructing a covariance matrix with respect to the first sample andthe second sample respectively; determining the orthogonal normalizedeigenvectors of the covariance matrix of the first sample and theorthogonal normalized eigenvectors of the covariance matrix of thesecond sample respectively; according to the first eigenspace formed bythe orthogonal normalized eigenvectors of the covariance matrix of thefirst sample and the second eigenspace formed by the orthogonalnormalized eigenvectors of the covariance matrix of the second sample,determining the projections of the first sample and the second samplerespectively in the first eigenspace and the second eigenspace;determining the characteristic values of X_(i) ^(u), X_(i) ^(m) andX_(i) ^(b) according to the projections of the first sample and thesecond sample in the first eigenspace and the second eigenspace,respectively; and determining the first characteristic value of the facesample image X_(i) according to the characteristic values of X_(i) ^(u),X_(i) ^(m) and X_(i) ^(b); and the step of calculating the secondcharacteristic value of the input face region image comprises: dividingthe input face region image into three sub-images; generatingcorresponding dual samples respectively with respect to the threesub-images; decomposing the three sub-images into a first sample and asecond sample respectively according to the dual samples correspondingto the three sub-images; constructing a covariance matrix respectivelywith respect to the first sample and the second sample of the threesub-images; determining the orthogonal normalized eigenvectors of thecovariance matrix of the first sample and the orthogonal normalizedeigenvectors of the covariance matrix of the second sample respectively;according to the eigenspace formed by the orthogonal normalizedeigenvectors of the covariance matrix of the first sample and theeigenspace formed by the orthogonal normalized eigenvectors of thecovariance matrix of the second sample, determining the projections ofthe first sample and the second sample in the eigenspace; determiningthe characteristic values of the three sub-images according to theprojections of the first sample and the second sample in the eigenspace;and determining the second characteristic value of the input face regionimage according to the characteristic values of the three sub-images. 3.The method according to claim 1, wherein the preset threshold is themaximum value among multiple first characteristic distances, or anaverage value of multiple first characteristic distances.